Term
| Physical Security encompasses what three main things? |
|
Definition
1. Environmental tolerances
2. Covers damage and loss due to sabotage or theft.
3. Includes threats to personnel, including coercion of trusted insiders. |
|
|
Term
| What does EASI stand for? |
|
Definition
| Estimate of Advisory Sequence Interruption |
|
|
Term
|
Definition
| It is a dynamic, analytic method widely used by security professionals to evaluate a physical protection security system (ppss). |
|
|
Term
| What is the Critical Detection Point (CDP)? |
|
Definition
| Any position on a facility where if an adversary is detected, there is enough time remaining for the response force to interrupt the adversary. |
|
|
Term
| What is Adversary Path Analysis? |
|
Definition
| A method that analyzes many attack paths in order to identify the path of greatest system vulnerability. |
|
|
Term
| What is a connectivity diagram? |
|
Definition
| A node/link based diagram where nodes represent physical or logical locations within the system and links measure connectivity between the locations, such as travel time or cost to travel between nodes. Used to identify shortest paths through the system. |
|
|
Term
| How is a simple incident matrix created? (2 steps) |
|
Definition
1. One row for each node and one column for each arc.
2. For each arc (i, j), put +1 in row i and -1 in row j. |
|
|
Term
| What are the two main types of connectivity diagrams? |
|
Definition
1. Task-based.
2. Location-based. |
|
|
Term
| Compare Task-based and Location-based Connectivity diagrams |
|
Definition
1. Task-based are usually based on more information and so are better for travel time and detection probability analysis.
2. Location-based are generally based on less information and so should be more conservative. |
|
|
Term
| What are the four characteristic factors of Multiple Adversary Team analysis? |
|
Definition
1. The helper team detection factor (HTDF)
2. The helper team time factor (HTTF)
3. The simultaneous primary team detection factor (STDF)
4. The simultaneous primary team time factor (STTF)
These four factors help to describe the influence multiple adversary teams have on one another and they must be specified at the outset of the problem. |
|
|
Term
| What is a physical security survey? (two main parts) |
|
Definition
A technique to recognize and appraise two types of risk to target:
• Possible maximum loss
• Probable maximum loss
Often used on a scenario basis in combination with threat analysis. |
|
|
Term
|
Definition
| Information materialized. |
|
|
Term
| What is information? (three parts) |
|
Definition
1. Carries new knowledge.
2. Conveyed by some carrier: letters, digits, symbols.
3. Is meaningful/interpretable to the recipient. |
|
|
Term
| What are four main questions that Information Theory is concerned with? |
|
Definition
1. How to quantify the amount of information?
2. How much memory is needed to store information?
3. How can we protect the information?
4. What to do if information is corrupted by noise? |
|
|
Term
| What is the information content of a message according to Claude Elwood Shannon? |
|
Definition
| The number of 0s and 1s it takes to describe the information. |
|
|
Term
| What is the elementary unit of information? |
|
Definition
|
|
Term
| All models of information flow include a "channel". What happens to information as it flows across a channel? |
|
Definition
| The information can be corrupted. Note: Even if security is not considered, this can be done through the introduction of random information (noise). |
|
|
Term
| What was Claude Elwood Shannon's basic information flow observation regarding bit correction? |
|
Definition
| We should not correct single bits. This is wasteful. We should correct blocks of bits. |
|
|
Term
| According to information theory, information is contained only in the messages that are "fill-in-the-blank-here" to the receiver. |
|
Definition
|
|
Term
|
Definition
| Data that describes data. E.g., network packet headers, block parity bits, etc. |
|
|
Term
| What are the three main parts of traditional information classification? |
|
Definition
1. Create information.
2. Label using metadata.
3. Handle according to label. |
|
|
Term
| What was the more recent insight over traditional information classification? |
|
Definition
| Data should be classified according to how the system data is processed/used. |
|
|
Term
| System security requirements should be integrated into what type of system requirements? |
|
Definition
|
|
Term
| System vulnerabilities are frequently introduced in what type of requirements? |
|
Definition
|
|
Term
| What is specialty engineering? |
|
Definition
| The collection of those narrow disciplines that are needed to engineer a complete system. E.g., reliability, maintainability, availability, human factors, safety, electromagnetic effects, facilities, logistics. |
|
|
Term
|
Definition
| The probability that an item will perform its intended function for a specified period of time under stated conditions. |
|
|
Term
|
Definition
| A measure of the degree to which an item is in an operable and committable state at the start of a mission when the mission is called for at a random time. |
|
|
Term
|
Definition
| The measure of the ability of an item to be retained in or restored to a specified condition when maintenance is performed by personnel having specified skill level, using prescribed procedures and resources, at each prescribed level of maintenance and repair. |
|
|
Term
| Qualities to Components (hierarchy - seven levels) |
|
Definition
1. Need(ed Quality)
2. Attributes (qualitative)
3. Capabilities
4. Functions
5. Measures
6. Analysis
7. Units/Components |
|
|
Term
| System Security (definition) |
|
Definition
An emergent property that arises from the interactions between system elements and an adversary
• adversary may or may not be part of the system under consideration
• adversary may or may not be intentionally malicious |
|
|
Term
|
Definition
| A theory of learning that looks not at isolated skills and knowledge, but at how those skills and knowledge systematically link to one another—and to the values, identity, and ways of making decisions and justifying actions of some community of practice. |
|
|
Term
|
Definition
| Something that thwarts people (and/or systems acting on their behalf) who, intentionally or not, enact threats that exploit system vulnerabilities and thereby cause damage that adversely impacts system value. |
|
|
Term
|
Definition
| A system capability that contributes to its security. |
|
|
Term
|
Definition
| Measurement that characterizes an attribute of the system of interest that is proposed to have both face and construct validity in the context of a hypothesis that the system is secure. |
|
|
Term
|
Definition
| The concept of operations, mission, and environment under which a system operates. |
|
|
Term
| Security Systemigram (story) |
|
Definition
| Security thwarts perpetrators who enact threats to exploit vulnerabilities that permit disruption that harms systems which produce and manage value. |
|
|